Privacy Policy for SharePoint Apps

Virto Software Privacy Policy

This privacy policy was updated on February 26, 2020

Virtosoftware UAB, a legal entity established in Lithuania and its group companies (collectively “Virto Software”, “we”, “us”, and “ours”) is committed to protecting your privacy.

Virto Software wants to inform you how we collect, use, and disclose your personal information (“Personal Data”). “Personal Data” is information that identifies you as an individual or relates to an identifiable individual.

This Privacy Policy (the “Privacy Policy”) describes our practices in connection with information that we collect through and any other websites operated by us from which you are accessing this Privacy Policy (the “Websites”), through our social media pages (our “Social Media Pages”) as well as through email messages or other communication that we send to you that link to this Privacy Policy, or through products and services you purchase, subscribe to, or license from us, including downloadable software, applications and other online services provided by us or related to Virto Software, for example, support system (collectively, all services including the Websites and our Social Media Pages, the “Services”). By using the Services, you agree to this Privacy Policy.

This Privacy Policy describes how Virto Software processes Personal Data in its capacity as a controller (i.e. Virto Software decides what Personal Data is collected and what it is used for) or as a processor (i.e. Virto Software only processes the data as per the controller’s instructions), as the case may be. It also describes your choices regarding use, access and correction of your Personal Data.

What Personal Data do we collect and process for our own purposes as a controller?

When you use our Services, visit our Websites or Social Media Pages, Virto Software may collect information, which may include Personal Data.

When you subscribe and use our Service(s), we may collect your:

  • contact information such as name, e-mail address, also mailing address, phone number, company name and job title;
  • billing information, such as credit or debit card number, bank / wire transfer details, PayPal details, billing address, zip code;
  • feedback information, such as name and e-mail address when we provide feedback or customer support from within the Service(s); and
  • unique identifiers, such as username, account number or password, information collected on the Services through cookies and similar technologies, etc.

We and our service providers may collect Personal Data in a variety of ways. Such information may be collected from you through the Services, e.g., when you sign up for a newsletter or register for Services or demo version, respond to a survey, fill out a form on Website, open a ticket for support or leave comments on the forums or in a blog. We may receive your Personal Data from other sources, such as public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected) and from other third parties. For the purposes of General Data Protection Regulation (GDPR), Virto Software shall be the controller for this information you have submitted to us.

What do we use your Personal Data for?

We and our service providers use Personal Data for legitimate business purposes, including the following: (i) provide you the Service(s) and fulfilling your requests; (ii) send you communication from the Service(s); (iii) assess needs of your business to determine or suggest suitable Service(s); (iv) send you requested information about the Service(s); (v) respond to customer service requests, inquires, questions and concerns; (vi) administer your account and provide you with related customer service; (vii) send periodic emails with important notices or information about the Services (updates, bug fixing, etc.); (viii) personalize your experience on the Services by presenting products and offers tailored to you; (ix) send you promotional and marketing communications, that we believe may be of interest; (x) send administrative information to you, such as changes to our terms, conditions and policies; (xi) facilitate billing and payment transactions for the use of our Service(s); (xii) data analysis, such as to improve the efficiency of our Services; (xiii) enhancing, improving, or modifying our Services; (xiv) collecting feedback to improve our website, customer service, identify usage trends, determining the effectiveness of our promotional campaigns, etc.; (xv) developing new products and services; (xvi) being efficient about how we fulfil our legal, regulatory and contractual duties, also fraud and security monitoring purposes.

We will engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest. Our legitimate interest is the interest of ours as a business in conducting and managing Virto Software to enable us to provide to you the Services and offer the best experience. We will provide personalized services and/or send promotional and marketing communication either with your consent or because we have a legitimate interest.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided below.

To whom do we disclose your Personal Data?

Your Personal Data may be disclosed:

  • To our affiliates for the purposes described in this Privacy Policy.
  • To our third-party service providers who provide services such as website hosting, data analysis, billing and/or payment processing, order fulfillment, information technology and related infrastructure provision, online advertising services, customer service, helpdesk solutions, email delivery, auditing and other services.
  • By you, on message boards, chat, blogs and other services to which you are able to post information and content (including, without limitation, the forums and our Social Media Pages). Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.
  • Other uses and disclosures. We may also use and disclose your Personal Data as we believe to be necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so: (a) to comply with applicable law; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others. In addition, we have a legitimate interest in using, disclosing or transferring your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

Further details can be provided upon request.

Do we use cookies and/or collect other information?

Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other anonymous traffic data. We may use cookies that allow us to personalize our Services, such as remembering a user’s information, provide customized advertisements, content, and information, track your entries, submissions, and status in any promotions or other activities on the Service. We and our service providers may use cookies to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future, for security purposes, to facilitate navigation, to display information more effectively, to monitor and analyze the effectiveness of Services and to personalize your experience. Third-party cookies may be used for performance and functionality purposes, for example, are setting by hosting service providers and can vary depending on client/hosting. You can obtain more information about cookies by visiting

The following types of cookies are used in the Websites:

  1. Essential website cookies – these cookies are strictly necessary to provide you with services available through our Websites and to use some of its features.
  2. Performance and Functionality Cookies – these cookies enhance our performance on our website.
  3. Analytics and Customization Cookies – these cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customize our Websites for you.
  4. Advertising Cookies – these cookies are used to make advertising messages more relevant to you.
Service Provider Cookie name Cookie type Expiration
Google Analytics _ga
3 2 years
Visual Website Optimizer _vwo_uuid_v2 3 1 year
Disqus disqus_unique 1 1 year
WordPress wp-settings-time-4
1 1 year
Web Server ASP.NET_SessionId 1 When the session ends
Web Server ARRAffinity
1 When the session ends
Web Admin Panel tildauid 1 4 days
Web Server .AspNetCore.Identity.Application 1 When the session ends
Google Analytics __utma
3 2 years
Session end
2 years
Web Hosting ai_user 1 1 year
Web Hosting ajs_anonymous_id
1 18 months
Web Hosting first_session 1 1 month
Optimizely optimizelyEndUserId 3 10 years

If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular Website.

We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about Website traffic, use of the Services and report on activities and trends. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. You can learn about Google’s practices by going to

We do not usually collect nor store the IP address from which you visit.

Certain information is collected by most browsers or automatically through your device.

If we are required to treat such other information collected as Personal Data under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Data as detailed in this Privacy Policy.

Processing of information about Customers’ user (Virto Software as Data Processor)

We handle certain information, which may include Personal Data, relating to our Customers’ own customers or end-users (“Customer Information”) as a service provider on behalf of our Customers. We only process Customer Information as provided in the Terms of Service, Privacy Policy and per our Customers’ instructions. For purposes of the GDPR we are the processor and not the controller of the Customer Information.

Virto Software does not own, control or direct the use of any of the Customer Information stored or processed by a Customer or end-user via the Service. Only the Customer or end-users are entitled to access, retrieve and direct the use of such Customer Information. Virto Software is largely unaware of what Customer Information is actually being stored or made available by a Customer or end-user to the Service and does not directly access such Customer Information except as necessary to provide Services (including to respond to support requests, provide development works, maintenance, updates, etc.), as otherwise authorized by Customers or as required by law. Virto Software is not responsible for the content of the Personal Data contained in Customer Information or other information stored on its servers (or its subcontractors’ servers) at the discretion of the Customer nor is Virto Software responsible for the manner in which the Customer collects, handles disclosure, distributes or otherwise processes such information.

Our Customers are the “controllers” of Customer Information, meaning that they control the manner such information is collected and used as well as the determination of the purposes and means of the processing of such information and are responsible for compliance with the applicable data protection law. In addition, such information may be subject to our Customers’ own privacy policies. As the controller, it shall be our Customers’ responsibility to inform the end-users about the processing, and, where required, obtain necessary consent or authorization for any Personal Data that is collected as part of the Customer Information through your use of the Service(s).

As the processors of Customer Information on behalf of our Customers, we follow Customers’ instructions with respect to the Customer Information to the extent consistent with the functionality of our Service(s). In doing so, we implemented reasonable technical and organizational measures against unauthorized processing of such information and against loss, destruction of, or damage to, Customer Information.

You expressly authorize us and the service providers we use to process the Customer Information in our systems to (i) provide, improve, enhance, support and operate the Service(s) and its availability; (ii) develop new products and services; and (iii) compile statistical reports and record insights into usage patterns; (iv) to utilize third parties services to assist in providing the Service(s) with whom Customer Information may be shared; (v) to the processing and transfer of Customer Information in and to the United States and other countries which may have different privacy laws from your or their country of residence. You are representing that you have the authority to provide such authorization. If you need a signed Data Processing Addendum in addition to the Terms of Service and Privacy Policy, it can be provided upon request.

If you seek access to or wish to correct, update, modify or delete Personal Data which is part of the Customer Information and processed by us as data processor on behalf of our Customer, you should direct your query to our Customer, i.e. the controller. If you are a Customer of our Service(s) and wish to raise a request on behalf of your end-users in connection with Customer Data, you may open a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, his request on a particular Service support portal is specific to that Service only and separate requests need to be raised across other relevant Service support portals.

Access, Choices and Your other rights (specific EEA customers)

If you are an individual resident in EEA, you have the following data protection rights regarding Personal Data collected and processed by Virto Software as data controller:

  • If you wish to review, access, correct, update, restrict or request deletion of your Personal Data that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you can do so at any time by contacting us.
  • You have the right to opt-out of marketing communications we or our affiliates send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or by contacting us.
  • If we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

Our contact details are provided below in this Privacy Policy. We will respond to your request consistent with applicable law. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.

Other communications

If you are our Customer, we will send you emails and/or announcements with administrative information related to the Service(s) on occasions when it is necessary to do so. For instance, if our Service(s) is temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of communications which are not promotional in nature. If you do not wish to receive them, you may deactivate your account and not use our Services.

How long do we retain your Personal Data?

We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide the Services to you; (ii) when we have legal obligation to which we are subject; or (iii) as advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

How do we protect your information?

We have implemented reasonable technical and organizational measures to maintain the safety of your Personal Data. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. It is important for you to protect against unauthorized access to your password(s) and computer or device, and to log off when using any shared computer.

Do we disclose any information outside EEA?

Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States and EMEA countries, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.

Additional information regarding the EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Data.

Sensitive Personal Data (Personal Data of special categories)

Unless we explicitly agree otherwise in writing, you will not send us, you will not disclose, and you will not process any sensitive and/or special categories Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.

Signing using sign-in services

You can log in to some of our Services using sign-in services such as GitHub and other (Google, Facebook, etc.). These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and e-mail address.

Third party links, services and features

Occasionally, at our discretion, we may include or offer third party links, products or services on our Websites. This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. These third-party websites and services have separate and independent privacy policies. We encourage you to be aware when you leave our Services and to read the privacy policies of each and every website that collects Personal Data.

In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft or any other developer, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or in connection with our Services and/or Social Media Pages.

What personal data do Virto Office 365 Apps collect?

Virto Apps collect and store 2 types of information: your app settings and your email. Your e-mail is required to connect to the service. We store neither personal information nor a password. The stored data can be deleted upon request. Please be informed that in case of e-mail deletion you will not be able to connect to the service.

Where do Virto Office 365 Apps store that data?

You can pick the data location in the subscription administration interface. Currently, you can choose from two default locations: The western USA and Western Europe.

If you did not pick the location, the default location of your data is in the Western US. We do not track your geo, so please make sure that your data storage location complies with legislation.

If you need further help please do not hesitate to contact our Support

Use of Services by children and minors

The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from individuals under sixteen (16).

Changes to our Privacy Policy

We may change this Privacy Policy at any time. The date at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.

How to contact us?

Virto Software welcomes questions or comments you may have regarding our Privacy Policy. Should you have any questions or concerns about our privacy policy, please send us an e-mail at We will undertake reasonable efforts to address your concern.